0

I was wondering what would be the best way to allow users with names that contain special characters to be able to register to website witout 'pre-converting' them into non-special character names before input, but still to keep my website secure (like to make it unable or to avoid registering with a name like "-.lčćo+'90'žž++'-.." or something like that) ?

Thanks a lot.

  • 1
    How would special characters compromise your website's security? – Hatchet Dec 24 '16 at 17:32
  • 1
    Do you mean to insert to database? Then simply use prepared statements. – bansi Dec 24 '16 at 17:35
  • I saw as I'm learning that a lot of people try to avoid special characters in register forms beacuse of injections and etc. The website that I'm building won't contain any special data that needs to be secure but as I'm making it I was wondering how to do it so I can maybe implement it in my future projects. Well, I guess @bansi And btw. I just started to learn php and mysql so :) –  Dec 24 '16 at 17:39
  • Don't worry. No special characters can harm security if you are using prepared statements. Everything goes to database as string. Perfectly secured by database server. – bansi Dec 24 '16 at 17:43
  • an old answer i found here..http://stackoverflow.com/questions/134099/are-pdo-prepared-statements-sufficient-to-prevent-sql-injection can provide some more info in case you want.. – RohitS Dec 24 '16 at 17:58

1 Answers1

2

Assuming you're storing the user data in a database, simply make sure you're storing the data with a Unicode character encoding (as opposed to ASCII, which doesn't support special characters, or at least not as many as Unicode), secure against SQL injection (look up PDO and prepared statements - here's a good tutorial), and you should be good.

Hatchet
  • 5,320
  • 1
  • 30
  • 42